Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
22 May 2013

Top 5 Customer Concerns Around Managing Access Risk - Part 1

Here at Turnkey Consulting in Australia, we speak to many customers about their concerns with managing access risks in their SAP system.

Over the next 5 weeks, I will discuss the top 5 most commonly raised concerns that our customers have, and how GRC Access Control can address these. In summary, the issues are:

  1. Improper access to systems that may lead to loss from fraud or error
  2. Emergency access to systems, without the proper controls and auditability
  3. Reactive and fragmented approach to managing risk resulting in recurring audit issues
  4. Lack of visibility for management
  5. Excessive time and cost of audit

Improper access to systems that may lead to loss from fraud or error

We all know that most audits will uncover some Segregation of Duties (SoD) issues. If left unattended, excessive or conflicting access will most likely lead to loss due to fraud or error. An example of an error occurred when a user at our client, a global energy company, was authorised to run a poorly coded report, which ran for hours filling up critical tables which caused a system outage and prevented the payroll from running. An industrial relations dispute was narrowly avoided, as workers were not paid on time.

A recent example fraud occurred when a payroll officer at Australian whitegoods retailer Clive Peeters who had “full access” to their accounting systems stole $20m by altering EFT details and directing funds to her own bank account. This brought their share price down 95% and spelled the end of the company.

Both of the above scenarios could have been easily prevented by using Access Control to detect and prevent both SoD conflicts, and access to sensitive transactions. In our experience, clients have typically reduced their SoD violations by around 80% within first 3-6 months of implementing AC.